Intrusion Prevention

MS.IE.HTTPS.ProxyAuthentication.Basic

Description

Indicates a possible exploit of an information disclosure vulnerability in Microsoft Internet Explorer, that allows remote attackers to obtain sensitive information when using an HTTPS proxy server that requires Basic Authentication.

Affected Products

Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.0.1 SP4
Avaya Unified Communications Center S3400
Avaya S8100 Media Servers R9
Avaya S8100 Media Servers R8
Avaya S8100 Media Servers R7
Avaya S8100 Media Servers R6
Avaya S8100 Media Servers R12
Avaya S8100 Media Servers R11
Avaya S8100 Media Servers R10
Avaya S8100 Media Servers
Avaya Modular Messaging (MAS)
Avaya IP600 Media Servers R9
Avaya IP600 Media Servers R8
Avaya IP600 Media Servers R7
Avaya IP600 Media Servers R6
Avaya IP600 Media Servers R12
Avaya IP600 Media Servers R11
Avaya IP600 Media Servers R10
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers R9
Avaya DefinityOne Media Servers R8
Avaya DefinityOne Media Servers R7
Avaya DefinityOne Media Servers R6
Avaya DefinityOne Media Servers R12
Avaya DefinityOne Media Servers R11
Avaya DefinityOne Media Servers R10
Avaya DefinityOne Media Servers

Impact

Sensitive information disclosure

Recommended Actions

Microsoft has released fixes for supported operating system versions. Fixes for Internet Explorer 5.5 SP 2 running on Windows ME and Internet Explorer 6 SP 1 running on Windows 98/98SE/ME can be obtained through the Microsoft Update Web site or the Windows Update Web site.
Avaya has released advisory ASA-2005-234 detailing affected Avaya products. Please see the referenced advisory for further information.
Microsoft Internet Explorer 5.0.1 SP4
* Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB905915)
For Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=4005B74A-D6E6 -4A32-A3B1-276686B4A428&displaylang=en
Microsoft Internet Explorer 6.0 SP1
* Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB905915)
For Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=A8443CD2-D98D -427B-9F0E-BD7E19FCB994&displaylang=en
Microsoft Internet Explorer 6.0
* Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB905915)
For Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=9D70FB20-C7C9 -43AF-A864-6DBC9A542CC6&displaylang=en
* Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB905915)
For Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=1EE790B9-E596 -4344-AEC3-FCB3289D7E9C&displaylang=en
* Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB905915)
For Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=8E9C23E5-7988 -42DA-A8BD-2C1A534BF995&displaylang=en
* Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB905915)
For Internet Explorer 6 for Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=E4B5BA57-D4F2 -4798-9154-2869E371C9D1&displaylang=en
* Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB905915)
For Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=E1652B4A-6339 -4B31-8ACF-D2A844C24F70&displaylang=en

CVE References

CVE-2005-2830